airflow

Helm chart
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
    ## @param global.compatibility.omitEmptySeLinuxOptions If set to true, removes the seLinuxOptions from the securityContexts when it is set to an empty object
    ##
    omitEmptySeLinuxOptions: false
  org: ""
## @section Common parameters

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param apiVersions Override Kubernetes API versions reported by .Capabilities
##
apiVersions: []
## @param nameOverride String to partially override common.names.name
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param namespaceOverride String to fully override common.names.namespace
##
namespaceOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @param usePasswordFiles Mount credentials as files instead of using environment variables
##
usePasswordFiles: true
## Diagnostic mode
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
## @param diagnosticMode.command Command to override all containers in the chart release
## @param diagnosticMode.args Args to override all containers in the chart release
##
diagnosticMode:
  enabled: false
  command:
    - sleep
  args:
    - infinity
## @section Airflow common parameters

## Iamguarded Airflow image version
## @param image.registry [default: REGISTRY_NAME] Airflow image registry
## @param image.repository [default: REPOSITORY_NAME/airflow] Airflow image repository
## @skip image.tag Airflow image tag (immutable tags are recommended)
## @param image.digest Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Airflow image pull policy
## @param image.pullSecrets Airflow image pull secrets
## @param image.debug Enable image debug mode
image:
  registry: cgr.dev
  repository: chainguard-private/airflow-iamguarded
  tag: 2.11.1
  digest: ""
  ## Specify an imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Set to true if you would like to see extra information on logs
  ##
  debug: false
## Authentication parameters
##
auth:
  ## @param auth.username Username to access web UI
  ##
  username: user
  ## @param auth.password Password to access web UI
  ##
  password: ""
  ## @param auth.fernetKey Fernet key to secure connections
  ## ref: https://airflow.readthedocs.io/en/stable/howto/secure-connections.html
  ## ref: https://bcb.github.io/airflow/fernet-key
  ##
  fernetKey: ""
  ## @param auth.secretKey Secret key to run your flask app
  ## ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key
  ##
  secretKey: ""
  ## @param auth.jwtSecretKey JWT secret key to run your flask app
  ## ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html#secret-key
  ##
  jwtSecretKey: ""
  ## @param auth.existingSecret Name of an existing secret to use for Airflow credentials
  ## `auth.password`, `auth.fernetKey`, and `auth.secretKey` will be ignored and picked up from this secret
  ## The secret must contain the keys `airflow-password`, `airflow-fernet-key` and `airflow-secret-key`
  ## The value is evaluated as a template
  ##
  existingSecret: ""
## @param executor Airflow executor. Allowed values: `LocalExecutor`, `CeleryExecutor`, `KubernetesExecutor`, `SequentialExecutor` (Airflow 2.x only), `CeleryKubernetesExecutor` (Airflow 2.x only), and `LocalKubernetesExecutor` (Airflow 2.x only)
## ref: http://airflow.apache.org/docs/stable/executor/index.html
##
executor: CeleryExecutor
## @param loadExamples Switch to load some Airflow examples
##
loadExamples: false
## @param configuration Specify content for Airflow config file (auto-generated based on other parameters otherwise)
## ref: https://airflow.apache.org/docs/apache-airflow/stable/configurations-ref.html
## Use YAML format, then it's transformed to .cfg format by the chart. e.g:
## configuration:
##   core:
##     dags_folder: "/opt/iamguarded/airflow/dags"
## ... will be transformed to:
## [core]
## dags_folder = "/opt/iamguarded/airflow/dags"
##
configuration: {}
## @param overrideConfiguration Airflow common configuration override. Values defined here take precedence over the ones defined at `configuration`
##
overrideConfiguration: {}
## @param localSettings Specify content for Airflow local settings (airflow_local_settings.py)
## ref: https://airflow.apache.org/docs/apache-airflow/stable/howto/set-config.html#configuring-local-settings
## e.g:
## localSettings: |-
##   ...
##
localSettings: ""
## @param existingConfigmap Name of an existing ConfigMap with the Airflow config file and, optionally, the local settings file
##
existingConfigmap: ""
## Load custom DAGs files from a ConfigMap or Git repositories
## @param dags.enabled Enable loading DAGs from a ConfigMap or Git repositories
## @param dags.existingConfigmap Name of an existing ConfigMap with all the DAGs files you want to load in Airflow
## @param dags.repositories [array] Array of repositories from which to download DAG files
##
dags:
  enabled: false
  existingConfigmap: ""
  ## E.g:
  ## repositories:
  ##   - repository: https://github.com/myuser/myrepo
  ##     branch: main
  ##     name: my-dags
  ##     path: /
  ##
  repositories: []
  ## @param dags.sshKey SSH Private key used to clone/sync DAGs from Git repositories (ignored if dags.existingSshKeySecret is set)
  ##
  sshKey: ""
  ## @param dags.existingSshKeySecret Name of a secret containing the SSH private key used to clone/sync DAGs from Git repositories
  ##
  existingSshKeySecret: ""
  ## @param dags.existingSshKeySecretKey Key in the existing secret containing the SSH private key
  ##
  existingSshKeySecretKey: ""
## Load custom plugins from Git repositories
## @param plugins.enabled Enable loading plugins from Git repositories
## @param plugins.repositories [array] Array of repositories from which to download plugins
##
plugins:
  enabled: false
  ## E.g:
  ## repositories:
  ##   - repository: https://github.com/myuser/myrepo
  ##     branch: main
  ##     name: my-plugins
  ##     path: /
  ##
  repositories: []
  ## @param plugins.sshKey SSH Private key used to clone/sync plugins from Git repositories (ignored if plugins.existingSshKeySecret is set)
  ##
  sshKey: ""
  ## @param plugins.existingSshKeySecret Name of a secret containing the SSH private key used to clone/sync plugins from Git repositories
  ##
  existingSshKeySecret: ""
  ## @param plugins.existingSshKeySecretKey Key in the existing secret containing the SSH private key
  ##
  existingSshKeySecretKey: ""
## Default init Containers
##
defaultInitContainers:
  ## Airflow "prepare-config" init container
  ## Used to prepare the Airflow configuration files for main containers to use them
  ##
  prepareConfig:
    ## Configure "prepare-config" init-container Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.enabled Enabled "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "prepare-config" init-containers
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.runAsUser Set runAsUser in "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.runAsGroup Set runAsGroup in "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.privileged Set privileged in "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "prepare-config" init-containers' Security Context
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.capabilities.add List of capabilities to be added in "prepare-config" init-containers
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "prepare-config" init-containers
    ## @param defaultInitContainers.prepareConfig.containerSecurityContext.seccompProfile.type Set seccomp profile in "prepare-config" init-containers
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        add: []
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Airflow "prepare-config" init container resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultInitContainers.prepareConfig.resourcesPreset Set Airflow "prepare-config" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.prepareConfig.resources is set (defaultInitContainers.prepareConfig.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param defaultInitContainers.prepareConfig.resources Set Airflow "prepare-config" init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## E.g:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  ## Airflow "wait-for-db-migrations" init container
  ## Used to wait for db migrations to be ready
  ##
  waitForDBMigrations:
    ## Configure "wait-for-db-migrations" init-container Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.enabled Enabled "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "wait-for-db-migrations" init-containers
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.runAsUser Set runAsUser in "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.runAsGroup Set runAsGroup in "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.privileged Set privileged in "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "wait-for-db-migrations" init-containers' Security Context
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.capabilities.add List of capabilities to be added in "wait-for-db-migrations" init-containers
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "wait-for-db-migrations" init-containers
    ## @param defaultInitContainers.waitForDBMigrations.containerSecurityContext.seccompProfile.type Set seccomp profile in "wait-for-db-migrations" init-containers
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        add: []
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Airflow "wait-for-db-migrations" init container resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultInitContainers.waitForDBMigrations.resourcesPreset Set Airflow "wait-for-db-migrations" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.waitForDBMigrations.resources is set (defaultInitContainers.waitForDBMigrations.resources is recommended for production).
    ##
    resourcesPreset: "micro"
    ## @param defaultInitContainers.waitForDBMigrations.resources Set Airflow "wait-for-db-migrations" init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## E.g:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  prepareVenv:
    ## Configure "prepare-venv" init-container Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.enabled Enabled "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "prepare-venv" init-containers
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.runAsUser Set runAsUser in "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.runAsGroup Set runAsGroup in "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.privileged Set privileged in "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "prepare-venv" init-containers' Security Context
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.capabilities.add List of capabilities to be added in "prepare-venv" init-containers
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "prepare-venv" init-containers
    ## @param defaultInitContainers.prepareVenv.containerSecurityContext.seccompProfile.type Set seccomp profile in "prepare-venv" init-containers
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        add: []
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Airflow "prepare-venv" init container resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultInitContainers.prepareVenv.resourcesPreset Set Airflow "prepare-venv" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.prepareVenv.resources is set (defaultInitContainers.prepareVenv.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param defaultInitContainers.prepareVenv.resources Set Airflow "prepare-venv" init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## E.g:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  ## Airflow "load-dags-plugins" init container
  ## Used to load DAGs and/or plugins from a ConfigMap or Git repositories
  ##
  loadDAGsPlugins:
    ## @param defaultInitContainers.loadDAGsPlugins.command Override cmd
    ## @param defaultInitContainers.loadDAGsPlugins.args Override args
    ## @param defaultInitContainers.loadDAGsPlugins.extraVolumeMounts Add extra volume mounts
    ## @param defaultInitContainers.loadDAGsPlugins.extraEnvVars Add extra environment variables
    ## @param defaultInitContainers.loadDAGsPlugins.extraEnvVarsCM ConfigMap with extra environment variables
    ## @param defaultInitContainers.loadDAGsPlugins.extraEnvVarsSecret Secret with extra environment variables
    command: []
    args: []
    extraVolumeMounts: []
    extraEnvVars: []
    extraEnvVarsCM: ""
    extraEnvVarsSecret: ""
    ## Configure "load-dags-plugins" init-container Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.enabled Enabled "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "load-dags-plugins" init-containers
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsUser Set runAsUser in "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsGroup Set runAsGroup in "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.privileged Set privileged in "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "load-dags-plugins" init-containers' Security Context
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.capabilities.add List of capabilities to be added in "load-dags-plugins" init-containers
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "load-dags-plugins" init-containers
    ## @param defaultInitContainers.loadDAGsPlugins.containerSecurityContext.seccompProfile.type Set seccomp profile in "load-dags-plugins" init-containers
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        add: []
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Airflow "load-dags-plugins" init container resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultInitContainers.loadDAGsPlugins.resourcesPreset Set Airflow "load-dags-plugins" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultInitContainers.loadDAGsPlugins.resources is set (defaultInitContainers.loadDAGsPlugins.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param defaultInitContainers.loadDAGsPlugins.resources Set Airflow "load-dags-plugins" init container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## E.g:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
## Default sidecars
##
defaultSidecars:
  ## Airflow "sync-dags-plugins" sidecar
  ## Used to sync DAGs and/or plugins from Git repositories
  ##
  syncDAGsPlugins:
    ## @param defaultSidecars.syncDAGsPlugins.interval Interval in seconds to pull the git repository containing the DAGs and/or plugins
    ## @param defaultSidecars.syncDAGsPlugins.command Override cmd
    ## @param defaultSidecars.syncDAGsPlugins.args Override args
    ## @param defaultSidecars.syncDAGsPlugins.extraVolumeMounts Add extra volume mounts
    ## @param defaultSidecars.syncDAGsPlugins.extraEnvVars Add extra environment variables
    ## @param defaultSidecars.syncDAGsPlugins.extraEnvVarsCM ConfigMap with extra environment variables
    ## @param defaultSidecars.syncDAGsPlugins.extraEnvVarsSecret Secret with extra environment variables
    interval: 60
    command: []
    args: []
    extraVolumeMounts: []
    extraEnvVars: []
    extraEnvVarsCM: ""
    extraEnvVarsSecret: ""
    ## Configure "sync-dags-plugins" sidecar Security Context
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.enabled Enabled "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "sync-dags-plugins" sidecars
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsUser Set runAsUser in "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsGroup Set runAsGroup in "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.privileged Set privileged in "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "sync-dags-plugins" sidecars' Security Context
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.capabilities.add List of capabilities to be added in "sync-dags-plugins" sidecars
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "sync-dags-plugins" sidecars
    ## @param defaultSidecars.syncDAGsPlugins.containerSecurityContext.seccompProfile.type Set seccomp profile in "sync-dags-plugins" sidecars
    ##
    containerSecurityContext:
      enabled: true
      seLinuxOptions: {}
      runAsUser: 1001
      runAsGroup: 1001
      runAsNonRoot: true
      readOnlyRootFilesystem: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        add: []
        drop: ["ALL"]
      seccompProfile:
        type: "RuntimeDefault"
    ## Airflow "sync-dags-plugins" sidecar resource requests and limits
    ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param defaultSidecars.syncDAGsPlugins.resourcesPreset Set Airflow "sync-dags-plugins" sidecar resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultSidecars.syncDAGsPlugins.resources is set (defaultSidecars.syncDAGsPlugins.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param defaultSidecars.syncDAGsPlugins.resources Set Airflow "sync-dags-plugins" sidecar requests and limits for different resources like CPU or memory (essential for production workloads)
    ## E.g:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
## @param extraEnvVars Add extra environment variables for all the Airflow pods
##
extraEnvVars: []
## @param extraEnvVarsCM ConfigMap with extra environment variables for all the Airflow pods
##
extraEnvVarsCM: ""
## @param extraEnvVarsCMs List of ConfigMaps with extra environment variables for all the Airflow pods
##
extraEnvVarsCMs: []
## @param extraEnvVarsSecret Secret with extra environment variables for all the Airflow pods
##
extraEnvVarsSecret: ""
## @param extraEnvVarsSecrets List of secrets with extra environment variables for all the Airflow pods
##
extraEnvVarsSecrets: []
## @param sidecars Add additional sidecar containers to all the Airflow pods
## Example:
## sidecars:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
sidecars: []
## @param initContainers Add additional init containers to all the Airflow pods
## Example:
## initContainers:
##   - name: your-image-name
##     image: your-image
##     imagePullPolicy: Always
##     ports:
##       - name: portname
##         containerPort: 1234
##
initContainers: []
## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for all the Airflow pods
##
extraVolumeMounts: []
## @param extraVolumes Optionally specify extra list of additional volumes for all the Airflow pods
##
extraVolumes: []
538
## @section Airflow webserver parameters
539
##
web:
  ## @param web.baseUrl URL used to access the Airflow webserver
  ##
  baseUrl: ""
  ## @param web.configuration Specify content for webserver_config.py (auto-generated based on other env. vars otherwise)
  ##
  configuration: ""
  ## @param web.extraConfiguration Specify extra content to be appended to default webserver_config.py (ignored if `web.configuration` or `web.existingConfigmap` are set)
  ##
  extraConfiguration: ""
  ## @param web.existingConfigmap Name of an existing config map containing the Airflow webserver config file
  ##
  existingConfigmap: ""
  ## @param web.tls.enabled Enable TLS configuration for Airflow webserver
  ## @param web.tls.autoGenerated.enabled Enable automatic generation of TLS certificates
  ## @param web.tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
  ## @param web.tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
  ## @param web.tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
  ## @param web.tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
  ## @param web.tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
  ## @param web.tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
  ## @param web.tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
  ## @param web.tls.ca CA certificate for TLS. Ignored if `web.tls.existingSecret` is set
  ## @param web.tls.cert TLS certificate for Airflow webserver. Ignored if `web.tls.existingSecret` is set
  ## @param web.tls.key TLS key for Airflow webserver. Ignored if `web.tls.existingSecret` is set
  ## @param web.tls.existingSecret The name of an existing Secret containing the Airflow webserver certificates for TLS
  ##
  tls:
    enabled: false
    autoGenerated:
      enabled: true
      engine: helm
      certManager:
        existingIssuer: ""
        existingIssuerKind: ""
        keySize: 2048
        keyAlgorithm: RSA
        duration: 2160h
        renewBefore: 360h
    ca: ""
    cert: ""
    key: ""
    existingSecret: ""
  ## @param web.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param web.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param web.extraEnvVars Array with extra environment variables to add to Airflow webserver pods
  ##
  extraEnvVars: []
  ## @param web.extraEnvVarsCM ConfigMap containing extra environment variables for Airflow webserver pods
  ##
  extraEnvVarsCM: ""
  ## @param web.extraEnvVarsCMs List of ConfigMaps with extra environment variables for Airflow webserver pods
  ##
  extraEnvVarsCMs: []
  ## @param web.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Airflow webserver pods
  ##
  extraEnvVarsSecret: ""
  ## @param web.extraEnvVarsSecrets List of secrets with extra environment variables for Airflow webserver pods
  ##
  extraEnvVarsSecrets: []
  ## @param web.containerPorts.http Airflow webserver HTTP container port
  ##
  containerPorts:
    http: 8080
  ## @param web.replicaCount Number of Airflow webserver replicas
  ##
  replicaCount: 1
  ## Configure extra options for Airflow webserver containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param web.livenessProbe.enabled Enable livenessProbe on Airflow webserver containers
  ## @param web.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param web.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param web.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param web.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param web.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 20
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## @param web.readinessProbe.enabled Enable readinessProbe on Airflow webserver containers
  ## @param web.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param web.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param web.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param web.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param web.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## @param web.startupProbe.enabled Enable startupProbe on Airflow webserver containers
  ## @param web.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param web.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param web.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param web.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param web.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param web.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param web.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param web.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Airflow webserver resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param web.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
  ##
  resourcesPreset: "medium"
  ## @param web.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Airflow webserver pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param web.podSecurityContext.enabled Enabled Airflow webserver pods' Security Context
  ## @param web.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param web.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param web.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param web.podSecurityContext.fsGroup Set Airflow webserver pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Airflow webserver containers (only main one) Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param web.containerSecurityContext.enabled Enabled Airflow webserver containers' Security Context
  ## @param web.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param web.containerSecurityContext.runAsUser Set Airflow webserver containers' Security Context runAsUser
  ## @param web.containerSecurityContext.runAsGroup Set Airflow webserver containers' Security Context runAsGroup
  ## @param web.containerSecurityContext.runAsNonRoot Set Airflow webserver containers' Security Context runAsNonRoot
  ## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
  ## @param web.containerSecurityContext.allowPrivilegeEscalation Set web container's Security Context allowPrivilegeEscalation
  ## @param web.containerSecurityContext.readOnlyRootFilesystem Set web container's Security Context readOnlyRootFilesystem
  ## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param web.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param web.lifecycleHooks for the Airflow webserver container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param web.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param web.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param web.podLabels Add extra labels to the Airflow webserver pods
  ##
  podLabels: {}
  ## @param web.podAnnotations Add extra annotations to the Airflow webserver pods
  ##
  podAnnotations: {}
  ## @param web.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
  ## i.e. topologyKey: topology.kubernetes.io/zone
  ##
  topologyKey: ""
  ## @param web.affinity Affinity for Airflow webserver pods assignment (evaluated as a template)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: `web.podAffinityPreset`, `web.podAntiAffinityPreset`, and `web.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param web.nodeAffinityPreset.key Node label key to match. Ignored if `web.affinity` is set.
  ## @param web.nodeAffinityPreset.type Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
  ## @param web.nodeAffinityPreset.values Node label values to match. Ignored if `web.affinity` is set.
  ##
  nodeAffinityPreset:
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    type: ""
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param web.nodeSelector Node labels for Airflow webserver pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param web.podAffinityPreset Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param web.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`.
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param web.tolerations Tolerations for Airflow webserver pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param web.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param web.priorityClassName Priority Class Name
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param web.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param web.terminationGracePeriodSeconds Seconds Airflow webserver pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param web.updateStrategy.type Airflow webserver deployment strategy type
  ## @param web.updateStrategy.rollingUpdate Airflow webserver deployment rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    type: RollingUpdate
    rollingUpdate: {}
  ## @param web.sidecars Add additional sidecar containers to the Airflow webserver pods
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param web.initContainers Add additional init containers to the Airflow webserver pods
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## Specify temporary volume parameters for the Airflow webserver pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param web.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param web.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param web.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param web.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param web.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param web.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param web.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Airflow webserver pods
  ##
  extraVolumeMounts: []
  ## @param web.extraVolumes Optionally specify extra list of additional volumes for the Airflow webserver pods
  ##
  extraVolumes: []
  ## Airflow webserver Pod Disruption Budget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  ## @param web.pdb.create Deploy a pdb object for the Airflow webserver pods
  ## @param web.pdb.minAvailable Minimum number/percentage of Airflow webserver replicas that must remain available
  ## @param web.pdb.maxUnavailable Maximum number/percentage of unavailable Airflow webserver replicas
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param web.autoscaling.vpa.enabled Enable VPA for Airflow webserver
    ## @param web.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param web.autoscaling.vpa.controlledResources List of resources that the VPA can control. Defaults to cpu and memory
    ## @param web.autoscaling.vpa.maxAllowed VPA max allowed resources for the pod
    ## @param web.autoscaling.vpa.minAllowed VPA min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param web.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param web.autoscaling.hpa.enabled Enable HPA for Airflow webserver
    ## @param web.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param web.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param web.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param web.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""
  ## Web Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param web.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param web.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports Web is listening
    ## on. When true, Web will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param web.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param web.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param web.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param web.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param web.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## @section Airflow scheduler parameters
##
scheduler:
  ## @param scheduler.replicaCount Number of scheduler replicas
  ##
  replicaCount: 1
  ## @param scheduler.command Override cmd
  ##
  command: []
  ## @param scheduler.args Override args
  ##
  args: []
  ## @param scheduler.extraEnvVars Add extra environment variables
  ##
  extraEnvVars: []
  ## @param scheduler.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param scheduler.extraEnvVarsCMs List of ConfigMaps with extra environment variables for Airflow scheduler pods
  ##
  extraEnvVarsCMs: []
  ## @param scheduler.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## @param scheduler.extraEnvVarsSecrets List of secrets with extra environment variables for Airflow scheduler pods
  ##
  extraEnvVarsSecrets: []
  ## Configure extra options for Airflow scheduler containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param scheduler.livenessProbe.enabled Enable livenessProbe on Airflow scheduler containers
  ## @param scheduler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param scheduler.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param scheduler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param scheduler.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param scheduler.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 20
    timeoutSeconds: 15
    failureThreshold: 6
    successThreshold: 1
  ## @param scheduler.readinessProbe.enabled Enable readinessProbe on Airflow scheduler containers
  ## @param scheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param scheduler.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param scheduler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param scheduler.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param scheduler.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 15
    failureThreshold: 6
    successThreshold: 1
  ## @param scheduler.startupProbe.enabled Enable startupProbe on Airflow scheduler containers
  ## @param scheduler.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param scheduler.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param scheduler.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param scheduler.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param scheduler.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param scheduler.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param scheduler.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param scheduler.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Airflow scheduler resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param scheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if scheduler.resources is set (scheduler.resources is recommended for production).
  ##
  resourcesPreset: "small"
  ## @param scheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Airflow scheduler pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param scheduler.podSecurityContext.enabled Enabled Airflow scheduler pods' Security Context
  ## @param scheduler.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param scheduler.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param scheduler.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param scheduler.podSecurityContext.fsGroup Set Airflow scheduler pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Airflow scheduler containers (only main one) Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param scheduler.containerSecurityContext.enabled Enabled Airflow scheduler containers' Security Context
  ## @param scheduler.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param scheduler.containerSecurityContext.runAsUser Set Airflow scheduler containers' Security Context runAsUser
  ## @param scheduler.containerSecurityContext.runAsGroup Set Airflow scheduler containers' Security Context runAsGroup
  ## @param scheduler.containerSecurityContext.runAsNonRoot Set Airflow scheduler containers' Security Context runAsNonRoot
  ## @param scheduler.containerSecurityContext.privileged Set scheduler container's Security Context privileged
  ## @param scheduler.containerSecurityContext.allowPrivilegeEscalation Set scheduler container's Security Context allowPrivilegeEscalation
  ## @param scheduler.containerSecurityContext.readOnlyRootFilesystem Set scheduler container's Security Context readOnlyRootFilesystem
  ## @param scheduler.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param scheduler.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param scheduler.lifecycleHooks for the Airflow scheduler container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param scheduler.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param scheduler.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param scheduler.podLabels Add extra labels to the Airflow scheduler pods
  ##
  podLabels: {}
  ## @param scheduler.podAnnotations Add extra annotations to the Airflow scheduler pods
  ##
  podAnnotations: {}
  ## @param scheduler.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
  ## i.e. topologyKey: topology.kubernetes.io/zone
  ##
  topologyKey: ""
  ## @param scheduler.affinity Affinity for Airflow scheduler pods assignment (evaluated as a template)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: `scheduler.podAffinityPreset`, `scheduler.podAntiAffinityPreset`, and `scheduler.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param scheduler.nodeAffinityPreset.key Node label key to match. Ignored if `scheduler.affinity` is set.
  ## @param scheduler.nodeAffinityPreset.type Node affinity preset type. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`
  ## @param scheduler.nodeAffinityPreset.values Node label values to match. Ignored if `scheduler.affinity` is set.
  ##
  nodeAffinityPreset:
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    type: ""
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param scheduler.nodeSelector Node labels for Airflow scheduler pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param scheduler.podAffinityPreset Pod affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param scheduler.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `scheduler.affinity` is set. Allowed values: `soft` or `hard`.
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param scheduler.tolerations Tolerations for Airflow scheduler pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param scheduler.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param scheduler.priorityClassName Priority Class Name
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param scheduler.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param scheduler.terminationGracePeriodSeconds Seconds Airflow scheduler pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param scheduler.updateStrategy.type Airflow scheduler deployment strategy type
  ## @param scheduler.updateStrategy.rollingUpdate Airflow scheduler deployment rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    type: RollingUpdate
    rollingUpdate: {}
  ## @param scheduler.sidecars Add additional sidecar containers to the Airflow scheduler pods
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param scheduler.initContainers Add additional init containers to the Airflow scheduler pods
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## Specify temporary volume parameters for the Airflow scheduler pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param scheduler.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param scheduler.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param scheduler.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param scheduler.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param scheduler.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param scheduler.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param scheduler.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Airflow scheduler pods
  ##
  extraVolumeMounts: []
  ## @param scheduler.extraVolumes Optionally specify extra list of additional volumes for the Airflow scheduler pods
  ##
  extraVolumes: []
1237
  ## Airflow scheduler Pod Disruption Budget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  ## @param scheduler.pdb.create Deploy a pdb object for the Airflow scheduler pods
  ## @param scheduler.pdb.minAvailable Minimum number/percentage of available Airflow scheduler replicas
  ## @param scheduler.pdb.maxUnavailable Maximum number/percentage of unavailable Airflow scheduler replicas
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param scheduler.autoscaling.vpa.enabled Enable VPA for Airflow scheduler
    ## @param scheduler.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param scheduler.autoscaling.vpa.controlledResources List of resources that the VPA can control. Defaults to cpu and memory
    ## @param scheduler.autoscaling.vpa.maxAllowed VPA max allowed resources for the pod
    ## @param scheduler.autoscaling.vpa.minAllowed VPA min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param scheduler.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param scheduler.autoscaling.hpa.enabled Enable HPA for Airflow scheduler
    ## @param scheduler.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param scheduler.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param scheduler.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param scheduler.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""
  ## Scheduler Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param scheduler.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param scheduler.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports Scheduler is listening
    ## on. When true, Scheduler will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param scheduler.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param scheduler.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param scheduler.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param scheduler.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param scheduler.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## @section Airflow Dag Processor parameters
## ref: https://airflow.apache.org/docs/apache-airflow/stable/authoring-and-scheduling/dagfile-processing.html
##
dagProcessor:
  ## @param dagProcessor.enabled Run Airflow Dag Processor Manager as a standalone component
  ##
  enabled: true
  ## @param dagProcessor.replicaCount Number of Airflow Dag Processor replicas
  ##
  replicaCount: 1
  ## @param dagProcessor.command Override default Airflow Dag Processor cmd
  ##
  command: []
  ## @param dagProcessor.args Override default Airflow Dag Processor args
  ##
  args: []
  ## @param dagProcessor.extraEnvVars Add extra environment variables to Airflow Dag Processor containers
  ##
  extraEnvVars: []
  ## @param dagProcessor.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param dagProcessor.extraEnvVarsCMs List of ConfigMaps with extra environment variables for Airflow dagProcessor pods
  ##
  extraEnvVarsCMs: []
  ## @param dagProcessor.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## Configure extra options for Airflow Dag Processor containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param dagProcessor.livenessProbe.enabled Enable livenessProbe on Airflow Dag Processor containers
  ## @param dagProcessor.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param dagProcessor.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param dagProcessor.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param dagProcessor.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param dagProcessor.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 20
    timeoutSeconds: 15
    failureThreshold: 6
    successThreshold: 1
  ## @param dagProcessor.readinessProbe.enabled Enable readinessProbe on Airflow Dag Processor containers
  ## @param dagProcessor.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param dagProcessor.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param dagProcessor.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param dagProcessor.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param dagProcessor.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 15
    failureThreshold: 6
    successThreshold: 1
  ## @param dagProcessor.startupProbe.enabled Enable startupProbe on Airflow Dag Processor containers
  ## @param dagProcessor.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param dagProcessor.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param dagProcessor.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param dagProcessor.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param dagProcessor.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param dagProcessor.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param dagProcessor.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param dagProcessor.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Airflow Dag Processor resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param dagProcessor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dagProcessor.resources is set (dagProcessor.resources is recommended for production).
  ##
  resourcesPreset: "small"
  ## @param dagProcessor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Airflow Dag Processor pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param dagProcessor.podSecurityContext.enabled Enable Airflow Dag Processor pods' Security Context
  ## @param dagProcessor.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param dagProcessor.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param dagProcessor.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param dagProcessor.podSecurityContext.fsGroup Set Airflow Dag Processor pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Airflow Dag Processor containers (only main one) Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param dagProcessor.containerSecurityContext.enabled Enable Airflow Dag Processor containers' Security Context
  ## @param dagProcessor.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param dagProcessor.containerSecurityContext.runAsUser Set Airflow Dag Processor containers' Security Context runAsUser
  ## @param dagProcessor.containerSecurityContext.runAsGroup Set Airflow Dag Processor containers' Security Context runAsGroup
  ## @param dagProcessor.containerSecurityContext.runAsNonRoot Set Airflow Dag Processor containers' Security Context runAsNonRoot
  ## @param dagProcessor.containerSecurityContext.privileged Set Airflow Dag Processor container's Security Context privileged
  ## @param dagProcessor.containerSecurityContext.allowPrivilegeEscalation Set Airflow Dag Processor container's Security Context allowPrivilegeEscalation
  ## @param dagProcessor.containerSecurityContext.readOnlyRootFilesystem Set Airflow Dag Processor container's Security Context readOnlyRootFilesystem
  ## @param dagProcessor.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param dagProcessor.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param dagProcessor.lifecycleHooks Lifecycle hooks for the Airflow Dag Processor containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param dagProcessor.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param dagProcessor.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param dagProcessor.podLabels Add extra labels to the Airflow Dag Processor pods
  ##
  podLabels: {}
  ## @param dagProcessor.podAnnotations Add extra annotations to the Airflow Dag Processor pods
  ##
  podAnnotations: {}
  ## @param dagProcessor.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
  ## e.g. topologyKey: topology.kubernetes.io/zone
  ##
  topologyKey: ""
  ## @param dagProcessor.affinity Affinity for Airflow Dag Processor pods assignment (evaluated as a template)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: `dagProcessor.podAffinityPreset`, `dagProcessor.podAntiAffinityPreset`, and `dagProcessor.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param dagProcessor.nodeAffinityPreset.key Node label key to match. Ignored if `dagProcessor.affinity` is set.
  ## @param dagProcessor.nodeAffinityPreset.type Node affinity preset type. Ignored if `dagProcessor.affinity` is set. Allowed values: `soft` or `hard`
  ## @param dagProcessor.nodeAffinityPreset.values Node label values to match. Ignored if `dagProcessor.affinity` is set.
  ##
  nodeAffinityPreset:
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    type: ""
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param dagProcessor.nodeSelector Node labels for Airflow Dag Processor pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param dagProcessor.podAffinityPreset Pod affinity preset. Ignored if `dagProcessor.affinity` is set. Allowed values: `soft` or `hard`.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param dagProcessor.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `dagProcessor.affinity` is set. Allowed values: `soft` or `hard`.
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param dagProcessor.tolerations Tolerations for Airflow Dag Processor pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param dagProcessor.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param dagProcessor.priorityClassName Priority Class Name
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param dagProcessor.schedulerName Use an alternate K8s scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param dagProcessor.terminationGracePeriodSeconds Seconds Airflow Dag Processor pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param dagProcessor.updateStrategy.type Airflow Dag Processor deployment strategy type
  ## @param dagProcessor.updateStrategy.rollingUpdate Airflow Dag Processor deployment rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  ##
  updateStrategy:
    type: RollingUpdate
    rollingUpdate: {}
  ## @param dagProcessor.sidecars Add additional sidecar containers to the Airflow Dag Processor pods
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param dagProcessor.initContainers Add additional init containers to the Airflow Dag Processor pods
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## Specify temporary volume parameters for the Airflow Dag Processor pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param dagProcessor.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param dagProcessor.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param dagProcessor.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ## set, choosing the default provisioner. (gp2 on AWS, standard on
    ## GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param dagProcessor.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param dagProcessor.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param dagProcessor.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param dagProcessor.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Airflow Dag Processor containers
  ##
  extraVolumeMounts: []
  ## @param dagProcessor.extraVolumes Optionally specify extra list of additional volumes for the Airflow Dag Processor pods
  ##
  extraVolumes: []
  ## Airflow Dag Processor Pod Disruption Budget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  ## @param dagProcessor.pdb.create Deploy a pdb object for the Airflow Dag Processor pods
  ## @param dagProcessor.pdb.minAvailable Minimum number/percentage of available Airflow Dag Processor replicas
  ## @param dagProcessor.pdb.maxUnavailable Maximum number/percentage of unavailable Airflow Dag Processor replicas
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param dagProcessor.autoscaling.vpa.enabled Enable VPA for Airflow Dag Processor
    ## @param dagProcessor.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param dagProcessor.autoscaling.vpa.controlledResources List of resources that the VPA can control. Defaults to cpu and memory
    ## @param dagProcessor.autoscaling.vpa.maxAllowed VPA max allowed resources for the pod
    ## @param dagProcessor.autoscaling.vpa.minAllowed VPA min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param dagProcessor.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param dagProcessor.autoscaling.hpa.enabled Enable HPA for Airflow Dag Processor
    ## @param dagProcessor.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param dagProcessor.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param dagProcessor.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param dagProcessor.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""
  ## Airflow Dag Processor Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param dagProcessor.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param dagProcessor.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports Airflow Dag Processor is listening
    ## on. When true, Airflow Dag Processor will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param dagProcessor.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param dagProcessor.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param dagProcessor.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param dagProcessor.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param dagProcessor.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
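The `networkPolicy`, `containerSecurityContext` and `automountServiceAccountToken` settings above can be checked mechanically before a release is installed. The Python below is an added example, not part of the chart: it merges a constructed override over the defaults listed on this page (maps merged recursively, as Helm does for values) and reports every permissive setting together with whether it comes from the chart default or from the override. `CHART_DEFAULTS`, `RULES`, `SAMPLE_OVERRIDES` and `audit` are names invented here, and which values count as safe is this example's assumption.

```python
import copy

# Defaults copied from the values on this page. The scheduler entry carries
# only networkPolicy, the part of its block that is visible here.
_NETPOL = {"enabled": True, "allowExternal": True, "allowExternalEgress": True}
_WORKLOAD = {
    "automountServiceAccountToken": False,
    "networkPolicy": _NETPOL,
    "containerSecurityContext": {
        "enabled": True, "runAsNonRoot": True, "privileged": False,
        "allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
        "capabilities": {"drop": ["ALL"]},
        "seccompProfile": {"type": "RuntimeDefault"},
    },
}
CHART_DEFAULTS = {"scheduler": {"networkPolicy": _NETPOL},
                  "dagProcessor": _WORKLOAD, "triggerer": _WORKLOAD}
# Blocks with an `enabled` switch; when it is false their other keys are skipped.
SWITCHED_BLOCKS = ("networkPolicy", "containerSecurityContext")
_MISSING = object()

def _is(expected):
    return lambda value: value is expected

# (path below the component, predicate true for a safe value, risk otherwise).
# Which values count as safe is this example's assumption, not chart policy.
RULES = [
    ("networkPolicy.allowExternal", _is(False), "any source may connect to the listening ports"),
    ("networkPolicy.allowExternalEgress", _is(False), "pod may reach any port and destination"),
    ("containerSecurityContext.runAsNonRoot", _is(True), "container may run as root"),
    ("containerSecurityContext.privileged", _is(False), "container runs privileged"),
    ("containerSecurityContext.allowPrivilegeEscalation", _is(False), "process may gain privileges"),
    ("containerSecurityContext.readOnlyRootFilesystem", _is(True), "root filesystem is writable"),
    ("containerSecurityContext.capabilities.drop",
     lambda value: isinstance(value, list) and "ALL" in value, "capabilities are not all dropped"),
    ("containerSecurityContext.seccompProfile.type",
     lambda value: value in ("RuntimeDefault", "Localhost"), "no seccomp profile is applied"),
    ("automountServiceAccountToken", _is(False), "service account token is mounted in the pod"),
]

def deep_merge(base, override):
    """Merge as Helm does for values: maps recurse, scalars and lists are replaced."""
    merged = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = copy.deepcopy(value)
    return merged

def lookup(mapping, dotted):
    """Follow a dotted path through nested dicts; return _MISSING if it breaks off."""
    node = mapping
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def audit(overrides):
    """Return (path, value, origin, risk) for every permissive effective setting."""
    findings = []
    for component, defaults in CHART_DEFAULTS.items():
        effective = deep_merge(defaults, overrides.get(component) or {})

        def report(path, risk):
            value = lookup(effective, path)
            origin = "chart default" if value == lookup(defaults, path) else "override"
            findings.append((f"{component}.{path}",
                             None if value is _MISSING else value, origin, risk))

        switched_off = set()
        for block in SWITCHED_BLOCKS:
            if lookup(effective, f"{block}.enabled") is False:
                switched_off.add(block)
                report(f"{block}.enabled", f"{block} is switched off")
        for path, is_safe, risk in RULES:
            block = path.split(".")[0]
            if block in switched_off or block not in effective:
                continue
            if not is_safe(lookup(effective, path)):
                report(path, risk)
    return findings

# Constructed override file, as a parsed dict: dagProcessor tightened, triggerer loosened.
SAMPLE_OVERRIDES = {
    "dagProcessor": {"networkPolicy": {"allowExternal": False, "allowExternalEgress": False}},
    "triggerer": {
        "automountServiceAccountToken": True,
        "containerSecurityContext": {"readOnlyRootFilesystem": False,
                                     "capabilities": {"drop": []}},
    },
}

if __name__ == "__main__":
    for path, value, origin, risk in audit(SAMPLE_OVERRIDES):
        print(f"{path} = {value!r} ({origin}): {risk}")
```

With no overrides at all, the only findings are the two `networkPolicy` defaults on each component, which is the part of the defaults that a deployment has to tighten itself.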
## @section Airflow Triggerer parameters
## ref: https://airflow.apache.org/docs/apache-airflow/stable/authoring-and-scheduling/deferring.html#deferrable-operators-triggers
##
triggerer:
  ## @param triggerer.enabled Run Airflow Triggerer as a standalone component
  ##
  enabled: true
  ## @param triggerer.defaultCapacity How many triggers a single Triggerer can run at once
  ##
  defaultCapacity: 1000
  ## @param triggerer.replicaCount Number of Airflow Triggerer replicas
  ##
  replicaCount: 1
  ## @param triggerer.command Override default Airflow Triggerer cmd
  ##
  command: []
  ## @param triggerer.args Override default Airflow Triggerer args
  ##
  args: []
  ## @param triggerer.extraEnvVars Add extra environment variables to Airflow Triggerer containers
  ##
  extraEnvVars: []
  ## @param triggerer.extraEnvVarsCM ConfigMap with extra environment variables
  ##
  extraEnvVarsCM: ""
  ## @param triggerer.extraEnvVarsCMs List of ConfigMaps with extra environment variables for Airflow triggerer pods
  ##
  extraEnvVarsCMs: []
  ## @param triggerer.extraEnvVarsSecret Secret with extra environment variables
  ##
  extraEnvVarsSecret: ""
  ## @param triggerer.containerPorts.logs Airflow Triggerer logs container port
  ##
  containerPorts:
    logs: 8794
  ## Configure extra options for Airflow Triggerer containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param triggerer.livenessProbe.enabled Enable livenessProbe on Airflow Triggerer containers
  ## @param triggerer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param triggerer.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param triggerer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param triggerer.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param triggerer.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 20
    timeoutSeconds: 15
    failureThreshold: 6
    successThreshold: 1
  ## @param triggerer.readinessProbe.enabled Enable readinessProbe on Airflow Triggerer containers
  ## @param triggerer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param triggerer.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param triggerer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param triggerer.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param triggerer.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 15
    failureThreshold: 6
    successThreshold: 1
  ## @param triggerer.startupProbe.enabled Enable startupProbe on Airflow Triggerer containers
  ## @param triggerer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param triggerer.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param triggerer.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param triggerer.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param triggerer.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param triggerer.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param triggerer.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param triggerer.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Airflow Triggerer resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param triggerer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if triggerer.resources is set (triggerer.resources is recommended for production).
  ##
  resourcesPreset: "small"
  ## @param triggerer.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Airflow Triggerer pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param triggerer.podSecurityContext.enabled Enable Airflow Triggerer pods' Security Context
  ## @param triggerer.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param triggerer.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param triggerer.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param triggerer.podSecurityContext.fsGroup Set Airflow Triggerer pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Airflow Triggerer containers (only main one) Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param triggerer.containerSecurityContext.enabled Enable Airflow Triggerer containers' Security Context
  ## @param triggerer.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param triggerer.containerSecurityContext.runAsUser Set Airflow Triggerer containers' Security Context runAsUser
  ## @param triggerer.containerSecurityContext.runAsGroup Set Airflow Triggerer containers' Security Context runAsGroup
  ## @param triggerer.containerSecurityContext.runAsNonRoot Set Airflow Triggerer containers' Security Context runAsNonRoot
  ## @param triggerer.containerSecurityContext.privileged Set Airflow Triggerer container's Security Context privileged
  ## @param triggerer.containerSecurityContext.allowPrivilegeEscalation Set Airflow Triggerer container's Security Context allowPrivilegeEscalation
  ## @param triggerer.containerSecurityContext.readOnlyRootFilesystem Set Airflow Triggerer container's Security Context readOnlyRootFilesystem
  ## @param triggerer.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param triggerer.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param triggerer.lifecycleHooks Lifecycle hooks for the Airflow Triggerer containers to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param triggerer.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
## @param triggerer.hostAliases Deployment pod host aliases
1864
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1865
##
1866
hostAliases: []
1867
## @param triggerer.podLabels Add extra labels to the Airflow Triggerer pods
1868
##
1869
podLabels: {}
1870
## @param triggerer.podAnnotations Add extra annotations to the Airflow Triggerer pods
1871
##
1872
podAnnotations: {}
1873
  ## @param triggerer.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
  ## i.e. topologyKey: topology.kubernetes.io/zone
  ##
  topologyKey: ""
  ## @param triggerer.affinity Affinity for Airflow Triggerer pods assignment (evaluated as a template)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: `triggerer.podAffinityPreset`, `triggerer.podAntiAffinityPreset`, and `triggerer.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param triggerer.nodeAffinityPreset.key Node label key to match. Ignored if `triggerer.affinity` is set.
  ## @param triggerer.nodeAffinityPreset.type Node affinity preset type. Ignored if `triggerer.affinity` is set. Allowed values: `soft` or `hard`
  ## @param triggerer.nodeAffinityPreset.values Node label values to match. Ignored if `triggerer.affinity` is set.
  ##
  nodeAffinityPreset:
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    type: ""
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param triggerer.nodeSelector Node labels for Airflow Triggerer pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param triggerer.podAffinityPreset Pod affinity preset. Ignored if `triggerer.affinity` is set. Allowed values: `soft` or `hard`.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param triggerer.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `triggerer.affinity` is set. Allowed values: `soft` or `hard`.
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param triggerer.tolerations Tolerations for Airflow Triggerer pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param triggerer.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param triggerer.priorityClassName Priority Class Name
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param triggerer.schedulerName Use an alternate K8s scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param triggerer.terminationGracePeriodSeconds Seconds Airflow Triggerer pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param triggerer.podManagementPolicy Pod management policy for the Airflow Triggerer statefulset
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady
  ## @param triggerer.updateStrategy.type Airflow Triggerer statefulset strategy type
  ## @param triggerer.updateStrategy.rollingUpdate Airflow Triggerer statefulset rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: RollingUpdate
    rollingUpdate: {}
  ## @param triggerer.sidecars Add additional sidecar containers to the Airflow Triggerer pods
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param triggerer.initContainers Add additional init containers to the Airflow Triggerer pods
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## Specify temporary volume parameters for the Airflow Triggerer pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param triggerer.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param triggerer.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param triggerer.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param triggerer.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param triggerer.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param triggerer.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param triggerer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Airflow Triggerer containers
  ##
  extraVolumeMounts: []
  ## @param triggerer.extraVolumes Optionally specify extra list of additional volumes for the Airflow Triggerer pods
  ##
  extraVolumes: []
  ## Airflow Triggerer Pod Disruption Budget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  ## @param triggerer.pdb.create Deploy a pdb object for the Airflow Triggerer pods
  ## @param triggerer.pdb.minAvailable Minimum number/percentage of Airflow Triggerer replicas that must remain available
  ## @param triggerer.pdb.maxUnavailable Maximum number/percentage of unavailable Airflow Triggerer replicas
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param triggerer.autoscaling.vpa.enabled Enable VPA for Airflow Triggerer
    ## @param triggerer.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param triggerer.autoscaling.vpa.controlledResources List of resources that the VPA can control. Defaults to cpu and memory
    ## @param triggerer.autoscaling.vpa.maxAllowed VPA max allowed resources for the pod
    ## @param triggerer.autoscaling.vpa.minAllowed VPA min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param triggerer.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param triggerer.autoscaling.hpa.enabled Enable HPA
    ## @param triggerer.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param triggerer.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param triggerer.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param triggerer.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: ""
      maxReplicas: ""
      targetCPU: ""
      targetMemory: ""
  ## Airflow Triggerer Persistence Parameters
  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes
  ##
  persistence:
    ## @param triggerer.persistence.enabled Enable logs persistence using Persistent Volume Claims
    ##
    enabled: true
    ## @param triggerer.persistence.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param triggerer.persistence.annotations Additional Persistent Volume Claim annotations
    ##
    annotations: {}
    ## @param triggerer.persistence.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param triggerer.persistence.size Size of logs volume
    ##
    size: 8Gi
    ## @param triggerer.persistence.selector Selector to match an existing Persistent Volume for the Airflow Triggerer logs PVC
    ## If set, the PVC can't have a PV dynamically provisioned for it
    ## E.g.
    ## selector:
    ##   matchLabels:
    ##     app: my-app
    ##
    selector: {}
    ## @param triggerer.persistence.dataSource Custom PVC data source
    ##
    dataSource: {}
    ## @param triggerer.persistence.existingClaim The name of an existing PVC to use for persistence (only if triggerer.replicaCount=1)
    ##
    existingClaim: ""
  ## persistentVolumeClaimRetentionPolicy
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
  ## @param triggerer.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet
  ## @param triggerer.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
  ## @param triggerer.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
  ##
  persistentVolumeClaimRetentionPolicy:
    enabled: false
    whenScaled: Retain
    whenDeleted: Retain
  ## Airflow Triggerer Service
  ##
  service:
    ## @param triggerer.service.type Airflow Triggerer service type
    ##
    type: ClusterIP
    ## @param triggerer.service.ports.logs Airflow Triggerer service logs port
    ##
    ports:
      logs: 8794
    ## Node ports to expose
    ## @param triggerer.service.nodePorts.logs Node port for Airflow Triggerer service logs
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      logs: ""
    ## @param triggerer.service.clusterIP Airflow Triggerer service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param triggerer.service.loadBalancerIP Airflow Triggerer service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param triggerer.service.loadBalancerSourceRanges Airflow Triggerer service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param triggerer.service.externalTrafficPolicy Airflow Triggerer service external traffic policy
    ## ref: http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param triggerer.service.annotations Additional custom annotations for Airflow Triggerer service
    ##
    annotations: {}
    ## @param triggerer.service.extraPorts Extra ports to expose in Airflow Triggerer service (normally used with the `triggerer.sidecars` value)
    ##
    extraPorts: []
    ## @param triggerer.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
    ##
    sessionAffinity: None
    ## @param triggerer.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Airflow Triggerer Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param triggerer.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param triggerer.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports Airflow Triggerer is listening
    ## on. When true, Airflow Triggerer will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param triggerer.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param triggerer.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param triggerer.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param triggerer.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param triggerer.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## @section Airflow worker parameters
##
worker:
  ## @param worker.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param worker.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param worker.extraEnvVars Array with extra environment variables to add Airflow worker pods
  ##
  extraEnvVars: []
  ## @param worker.extraEnvVarsCM ConfigMap containing extra environment variables for Airflow worker pods
  ##
  extraEnvVarsCM: ""
  ## @param worker.extraEnvVarsCMs List of ConfigMaps with extra environment variables for Airflow worker pods
  ##
  extraEnvVarsCMs: []
  ## @param worker.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Airflow worker pods
  ##
  extraEnvVarsSecret: ""
  ## @param worker.extraEnvVarsSecrets List of secrets with extra environment variables for Airflow worker pods
  ##
  extraEnvVarsSecrets: []
  ## @param worker.containerPorts.http Airflow worker HTTP container port
  ##
  containerPorts:
    http: 8793
  ## @param worker.replicaCount Number of Airflow worker replicas
  ##
  replicaCount: 1
  ## Configure extra options for Airflow worker containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param worker.livenessProbe.enabled Enable livenessProbe on Airflow worker containers
  ## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param worker.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 180
    periodSeconds: 20
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## @param worker.readinessProbe.enabled Enable readinessProbe on Airflow worker containers
  ## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 10
    timeoutSeconds: 5
    failureThreshold: 6
    successThreshold: 1
  ## @param worker.startupProbe.enabled Enable startupProbe on Airflow worker containers
  ## @param worker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param worker.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param worker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param worker.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param worker.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 60
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param worker.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Airflow worker resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
  ##
  resourcesPreset: "large"
  ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Airflow worker pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param worker.podSecurityContext.enabled Enabled Airflow worker pods' Security Context
  ## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param worker.podSecurityContext.fsGroup Set Airflow worker pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Airflow worker containers (only main one) Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param worker.containerSecurityContext.enabled Enabled Airflow worker containers' Security Context
  ## @param worker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param worker.containerSecurityContext.runAsUser Set Airflow worker containers' Security Context runAsUser
  ## @param worker.containerSecurityContext.runAsGroup Set Airflow worker containers' Security Context runAsGroup
  ## @param worker.containerSecurityContext.runAsNonRoot Set Airflow worker containers' Security Context runAsNonRoot
  ## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
  ## @param worker.containerSecurityContext.allowPrivilegeEscalation Set worker container's Security Context allowPrivilegeEscalation
  ## @param worker.containerSecurityContext.readOnlyRootFilesystem Set worker container's Security Context readOnlyRootFilesystem
  ## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param worker.lifecycleHooks Lifecycle hooks for the Airflow worker container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param worker.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: false
  ## @param worker.hostAliases Deployment pod host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param worker.podLabels Add extra labels to the Airflow worker pods
  ##
  podLabels: {}
  ## @param worker.podAnnotations Add extra annotations to the Airflow worker pods
  ##
  podAnnotations: {}
  ## @param worker.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
  ## i.e. topologyKey: topology.kubernetes.io/zone
  ##
  topologyKey: ""
  ## @param worker.affinity Affinity for Airflow worker pods assignment (evaluated as a template)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: `worker.podAffinityPreset`, `worker.podAntiAffinityPreset`, and `worker.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param worker.nodeAffinityPreset.key Node label key to match. Ignored if `worker.affinity` is set.
  ## @param worker.nodeAffinityPreset.type Node affinity preset type. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
  ## @param worker.nodeAffinityPreset.values Node label values to match. Ignored if `worker.affinity` is set.
  ##
  nodeAffinityPreset:
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    type: ""
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param worker.nodeSelector Node labels for Airflow worker pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param worker.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`.
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param worker.tolerations Tolerations for Airflow worker pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param worker.priorityClassName Priority Class Name
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param worker.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param worker.terminationGracePeriodSeconds Seconds Airflow worker pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param worker.podManagementPolicy Pod management policy for the worker statefulset
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: OrderedReady
  ## @param worker.updateStrategy.type Airflow worker statefulset strategy type
  ## @param worker.updateStrategy.rollingUpdate Airflow worker statefulset rolling update configuration parameters
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: RollingUpdate
    rollingUpdate: {}
  ## @param worker.sidecars Add additional sidecar containers to the Airflow worker pods
  ## Example:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param worker.initContainers Add additional init containers to the Airflow worker pods
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
  ## Specify temporary volume parameters for the Airflow worker pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param worker.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param worker.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param worker.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param worker.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param worker.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param worker.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Airflow worker pods
  ##
  extraVolumeMounts: []
  ## @param worker.extraVolumes Optionally specify extra list of additional volumes for the Airflow worker pods
  ##
  extraVolumes: []
  ## @param worker.extraVolumeClaimTemplates Optionally specify extra list of volumesClaimTemplates for the Airflow worker statefulset
  ##
  extraVolumeClaimTemplates: []
  ## @param worker.podTemplate Template that replaces the default one, used when `executor=KubernetesExecutor` to create Airflow worker pods
  ##
  podTemplate: {}
  ## Airflow worker Pod Disruption Budget
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
  ## @param worker.pdb.create Deploy a pdb object for the Airflow worker pods
  ## @param worker.pdb.minAvailable Minimum number/percentage of Airflow worker replicas that must remain available
  ## @param worker.pdb.maxUnavailable Maximum number/percentage of unavailable Airflow worker replicas
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
  ## Autoscaling configuration
  ## ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/
  ##
  autoscaling:
    ## @param worker.autoscaling.vpa.enabled Enable VPA for Airflow Worker
    ## @param worker.autoscaling.vpa.annotations Annotations for VPA resource
    ## @param worker.autoscaling.vpa.controlledResources List of resources that the VPA can control. Defaults to cpu and memory
    ## @param worker.autoscaling.vpa.maxAllowed VPA max allowed resources for the pod
    ## @param worker.autoscaling.vpa.minAllowed VPA min allowed resources for the pod
    ##
    vpa:
      enabled: false
      annotations: {}
      controlledResources: []
      maxAllowed: {}
      minAllowed: {}
      ## @param worker.autoscaling.vpa.updatePolicy.updateMode Autoscaling update policy
      ## Specifies whether recommended updates are applied when a Pod is started and whether recommended updates are applied during the life of a Pod
      ## Possible values are "Off", "Initial", "Recreate", and "Auto".
      ##
      updatePolicy:
        updateMode: Auto
    ## @param worker.autoscaling.hpa.enabled Enable HPA for Airflow Worker
    ## @param worker.autoscaling.hpa.minReplicas Minimum number of replicas
    ## @param worker.autoscaling.hpa.maxReplicas Maximum number of replicas
    ## @param worker.autoscaling.hpa.targetCPU Target CPU utilization percentage
    ## @param worker.autoscaling.hpa.targetMemory Target Memory utilization percentage
    ##
    hpa:
      enabled: false
      minReplicas: 1
      maxReplicas: 3
      targetCPU: 80
      targetMemory: 80
  ## Worker Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param worker.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param worker.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports Worker is listening
    ## on. When true, Worker will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param worker.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param worker.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param worker.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param worker.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param worker.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## @section Airflow "setup-db" K8s Job parameters
##
setupDBJob:
  ## @param setupDBJob.enabled Enable setting up the Airflow database using a K8s job (otherwise it's done by the Webserver on startup)
  ##
  enabled: true
  ## @param setupDBJob.backoffLimit Set backoff limit of the job
  ##
  backoffLimit: 10
  ## @param setupDBJob.command Override default container command on "setup-db" job's containers
  ##
  command: []
  ## @param setupDBJob.args Override default container args on "setup-db" job's containers
  ##
  args: []
  ## Configure "setup-db" job's container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param setupDBJob.containerSecurityContext.enabled Enable "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in "setup-db" job's containers
  ## @param setupDBJob.containerSecurityContext.runAsUser Set runAsUser in "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.runAsGroup Set runAsGroup in "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.runAsNonRoot Set runAsNonRoot in "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.privileged Set privileged in "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in "setup-db" job's containers' Security Context
  ## @param setupDBJob.containerSecurityContext.capabilities.add List of capabilities to be added in "setup-db" job's containers
  ## @param setupDBJob.containerSecurityContext.capabilities.drop List of capabilities to be dropped in "setup-db" job's containers
  ## @param setupDBJob.containerSecurityContext.seccompProfile.type Set seccomp profile in "setup-db" job's containers
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    privileged: false
    allowPrivilegeEscalation: false
    capabilities:
      add: []
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Configure "setup-db" job's pod Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param setupDBJob.podSecurityContext.enabled Enable "setup-db" job's pods' Security Context
  ## @param setupDBJob.podSecurityContext.fsGroupChangePolicy Set fsGroupChangePolicy in "setup-db" job's pods' Security Context
  ## @param setupDBJob.podSecurityContext.sysctls List of sysctls to allow in "setup-db" job's pods' Security Context
  ## @param setupDBJob.podSecurityContext.supplementalGroups List of supplemental groups to add to "setup-db" job's pods' Security Context
  ## @param setupDBJob.podSecurityContext.fsGroup Set fsGroup in "setup-db" job's pods' Security Context
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param setupDBJob.extraEnvVars Array containing extra env vars to configure the Airflow "setup-db" job's container
  ##
  extraEnvVars: []
  ## @param setupDBJob.extraEnvVarsCM ConfigMap containing extra env vars to configure the Airflow "setup-db" job's container
  ##
  extraEnvVarsCM: ""
  ## @param setupDBJob.extraEnvVarsSecret Secret containing extra env vars to configure the Airflow "setup-db" job's container (in case of sensitive data)
  ##
  extraEnvVarsSecret: ""
  ## Airflow "setup-db" job's container resource requests and limits
  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param setupDBJob.resourcesPreset Set Airflow "setup-db" job's container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if setupDBJob.resources is set (setupDBJob.resources is recommended for production).
  ##
  resourcesPreset: "small"
  ## @param setupDBJob.resources Set Airflow "setup-db" job's container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## E.g:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## @param setupDBJob.automountServiceAccountToken Mount Service Account token in Airflow "setup-db" job's pods
  ##
  automountServiceAccountToken: false
  ## @param setupDBJob.hostAliases Add deployment host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param setupDBJob.annotations [object] Add annotations to the Airflow "setup-db" job
  ##
  annotations: {}
  ## @param setupDBJob.podLabels Additional pod labels for Airflow "setup-db" job
  ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param setupDBJob.podAnnotations Additional pod annotations for Airflow "setup-db" job
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param setupDBJob.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
  ## i.e. topologyKey: topology.kubernetes.io/zone
  ##
  topologyKey: ""
  ## @param setupDBJob.affinity Affinity for Airflow setup-db pods assignment (evaluated as a template)
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: `setupDBJob.podAffinityPreset`, `setupDBJob.podAntiAffinityPreset`, and `setupDBJob.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## Node affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ## @param setupDBJob.nodeAffinityPreset.key Node label key to match. Ignored if `setupDBJob.affinity` is set.
  ## @param setupDBJob.nodeAffinityPreset.type Node affinity preset type. Ignored if `setupDBJob.affinity` is set. Allowed values: `soft` or `hard`
  ## @param setupDBJob.nodeAffinityPreset.values Node label values to match. Ignored if `setupDBJob.affinity` is set.
  ##
  nodeAffinityPreset:
    ## e.g:
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    type: ""
    ## e.g:
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param setupDBJob.nodeSelector Node labels for Airflow setup-db pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param setupDBJob.podAffinityPreset Pod affinity preset. Ignored if `setupDBJob.affinity` is set. Allowed values: `soft` or `hard`.
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param setupDBJob.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `setupDBJob.affinity` is set. Allowed values: `soft` or `hard`.
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## @param setupDBJob.tolerations Tolerations for Airflow setup-db pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param setupDBJob.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param setupDBJob.priorityClassName Priority Class Name
  ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
  ##
  priorityClassName: ""
  ## @param setupDBJob.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param setupDBJob.terminationGracePeriodSeconds Seconds Airflow setup-db pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## Specify temporary volume parameters for the Airflow setup-db pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param setupDBJob.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param setupDBJob.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param setupDBJob.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param setupDBJob.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param setupDBJob.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param setupDBJob.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param setupDBJob.extraVolumes Optionally specify extra list of additional volumes for Airflow "setup-db" job's pods
  ##
  extraVolumes: []
  ## @param setupDBJob.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Airflow "setup-db" job's containers
  ##
  extraVolumeMounts: []
  ## @param setupDBJob.initContainers Add additional init containers to the Airflow "setup-db" job's pods
  ## Example:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  initContainers: []
## @section Airflow ldap parameters

## LDAP configuration
## @param ldap.enabled Enable LDAP authentication
## @param ldap.uri Server URI, e.g. ldap://ldap_server:389
## @param ldap.basedn Base of the search, e.g. ou=example,o=org.
## @param ldap.searchAttribute If doing an indirect bind to LDAP, this is the field that matches the username when searching for the account to bind to
## @param ldap.firstnameField LDAP field that stores the user's first name.
## @param ldap.lastnameField LDAP field that stores the user's last name.
## @param ldap.emailField LDAP field that stores the user's email address. If null in LDAP, email is set to: "{username}@email.notfound"
## @param ldap.binddn DN of the account used to search in the LDAP server.
## @param ldap.bindpw Bind Password
## @param ldap.existingSecret Name of an existing secret containing the LDAP bind password
## @param ldap.userRegistration Set to True to enable user self registration
## @param ldap.userRegistrationRole Set role name to be assigned when a user self-registers. This role must already exist. Mandatory when using ldap.userRegistration
## @param ldap.rolesMapping Mapping from LDAP DN to a list of roles
## @param ldap.rolesSyncAtLogin Replace ALL the user's roles each login, or only on registration
##
ldap:
  enabled: false
  uri: "ldap://ldap_server:389"
  basedn: "dc=example,dc=org"
  searchAttribute: "cn"
  firstnameField: "givenName"
  lastnameField: "sn"
  emailField: "mail"
  binddn: "cn=admin,dc=example,dc=org"
  bindpw: ""
  existingSecret: ""
  userRegistration: 'True'
  userRegistrationRole: "Public"
  rolesMapping: '{ "cn=All,ou=Groups,dc=example,dc=org": ["User"], "cn=Admins,ou=Groups,dc=example,dc=org": ["Admin"], }'
  rolesSyncAtLogin: 'True'
  ## SSL/TLS parameters for LDAP
  ## @param ldap.tls.enabled Enable TLS/SSL for LDAP; you must include the CA file.
  ## @param ldap.tls.allowSelfSigned Allow the use of self-signed certificates
  ## @param ldap.tls.certificatesSecret Name of the existing secret containing the certificate CA file that will be used by the LDAP client
  ## @param ldap.tls.certificatesMountPath Where LDAP certificates are mounted.
  ## @param ldap.tls.CAFilename LDAP CA cert filename
  ##
  tls:
    enabled: false
    allowSelfSigned: true
    certificatesSecret: ""
    certificatesMountPath: /opt/iamguarded/airflow/conf/certs
    CAFilename: ""
## @section Traffic Exposure Parameters

## Airflow service parameters
##
service:
  ## @param service.type Airflow service type
  ##
  type: ClusterIP
  ## @param service.ports.http Airflow service HTTP port
  ##
  ports:
    http: 8080
  ## Node ports to expose
  ## @param service.nodePorts.http Node port for HTTP
  ## NOTE: choose port between <30000-32767>
  ##
  nodePorts:
    http: ""
  ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
  ## Values: ClientIP or None
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
  ##
  sessionAffinity: None
  ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
  ## sessionAffinityConfig:
  ##   clientIP:
  ##     timeoutSeconds: 300
  ##
  sessionAffinityConfig: {}
  ## @param service.clusterIP Airflow service Cluster IP
  ## e.g.:
  ## clusterIP: None
  ##
  clusterIP: ""
  ## @param service.loadBalancerIP Airflow service Load Balancer IP
  ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
  ##
  loadBalancerIP: ""
  ## @param service.loadBalancerSourceRanges Airflow service Load Balancer sources
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
  ## e.g:
  ## loadBalancerSourceRanges:
  ##   - 10.10.10.0/24
  ##
  loadBalancerSourceRanges: []
  ## @param service.externalTrafficPolicy Airflow service external traffic policy
  ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  ##
  externalTrafficPolicy: Cluster
  ## @param service.annotations Additional custom annotations for Airflow service
  ##
  annotations: {}
  ## @param service.extraPorts Extra port to expose on Airflow service
  ##
  extraPorts: []
## Airflow ingress parameters
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  ## @param ingress.enabled Enable ingress record generation for Airflow
  ##
  enabled: false
  ## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
  ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
  ##
  ingressClassName: ""
  ## @param ingress.pathType Ingress path type
  ##
  pathType: ImplementationSpecific
  ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
  ##
  apiVersion: ""
  ## @param ingress.hostname Default host for the ingress record
  ##
  hostname: airflow.local
  ## @param ingress.path Default path for the ingress record
  ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
  ##
  path: /
  ## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
  ## Use this parameter to set the required annotations for cert-manager, see
  ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
  ## e.g:
  ## annotations:
  ##   kubernetes.io/ingress.class: nginx
  ##   cert-manager.io/cluster-issuer: cluster-issuer-name
  ##
  annotations: {}
  ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
  ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
  ## You can:
  ##   - Use the `ingress.secrets` parameter to create this TLS secret
  ##   - Rely on cert-manager to create it by setting the corresponding annotations
  ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
  ##
  tls: false
  ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
  ##
  selfSigned: false
  ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
  ## e.g:
  ## extraHosts:
  ##   - name: airflow.local
  ##     path: /
  ##
  extraHosts: []
  ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
  ## e.g:
  ## extraPaths:
  ## - path: /*
  ##   backend:
  ##     serviceName: ssl-redirect
  ##     servicePort: use-annotation
  ##
  extraPaths: []
  ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
  ## e.g:
  ## extraTls:
  ## - hosts:
  ##     - airflow.local
  ##   secretName: airflow.local-tls
  ##
  extraTls: []
  ## @param ingress.secrets Custom TLS certificates as secrets
  ## NOTE: 'key' and 'certificate' are expected in PEM format
  ## NOTE: 'name' should line up with a 'secretName' set further up
  ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
  ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
  ## It is also possible to create and manage the certificates outside of this helm chart
  ## Please see README.md for more information
  ## e.g:
  ## secrets:
  ##   - name: airflow.local-tls
  ##     key: |-
  ##       -----BEGIN RSA PRIVATE KEY-----
  ##       ...
  ##       -----END RSA PRIVATE KEY-----
  ##     certificate: |-
  ##       -----BEGIN CERTIFICATE-----
  ##       ...
  ##       -----END CERTIFICATE-----
  ##
  secrets: []
  ## @param ingress.extraRules Additional rules to be covered with this ingress record
  ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
  ## e.g:
  ## extraRules:
  ## - host: example.local
  ##   http:
  ##     path: /
  ##     backend:
  ##       service:
  ##         name: example-svc
  ##         port:
  ##           name: http
  ##
  extraRules: []
## @section Other Parameters

## Service account for Airflow pods to use.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
##
serviceAccount:
  ## @param serviceAccount.create Enable creation of ServiceAccount for Airflow pods
  ##
  create: true
  ## @param serviceAccount.name The name of the ServiceAccount to use.
  ## If not set and create is true, a name is generated using the common.names.fullname template
  ##
  name: ""
  ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
  ## Can be set to false if pods using this serviceAccount do not need to use K8s API
  ##
  automountServiceAccountToken: false
  ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount
  ##
  annotations: {}
## Role Based Access
## Ref: https://kubernetes.io/docs/admin/authorization/rbac/
## @param rbac.create Create Role and RoleBinding
##
rbac:
  create: false
  ## @param rbac.rules Custom RBAC rules to set
  ## e.g:
  ## rules:
  ##   - apiGroups:
  ##       - ""
  ##     resources:
  ##       - pods
  ##     verbs:
  ##       - get
  ##       - list
  ##
  rules: []
## @section StatsD metrics parameters
##
metrics:
  ## @param metrics.enabled Enable a StatsD exporter that collects StatsD metrics from Airflow components and expose them as Prometheus metrics
  ##
  enabled: false
  ## Iamguarded StatsD exporter image
  ## @param metrics.image.registry [default: REGISTRY_NAME] StatsD exporter image registry
  ## @param metrics.image.repository [default: REPOSITORY_NAME/statsd-exporter] StatsD exporter image repository
  ## @skip metrics.image.tag StatsD exporter image tag (immutable tags are recommended)
  ## @param metrics.image.digest StatsD exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param metrics.image.pullPolicy StatsD exporter image pull policy
  ## @param metrics.image.pullSecrets StatsD exporter image pull secrets
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/prometheus-statsd-exporter-iamguarded
    tag: 0.28.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param metrics.configuration Specify content for StatsD exporter's mappings.yml
  ##
  configuration: ""
  ## @param metrics.existingConfigmap Name of an existing config map containing the StatsD exporter's mappings.yml
  ##
  existingConfigmap: ""
  ## @param metrics.containerPorts.ingest StatsD exporter ingest container port (used for the metrics ingestion from Airflow components)
  ## @param metrics.containerPorts.metrics StatsD exporter metrics container port (used to expose Prometheus metrics)
  ##
  containerPorts:
    ingest: 9125
    metrics: 9102
  ## StatsD exporter resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## StatsD exporter pods' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param metrics.podSecurityContext.enabled Enable security context for the pods
  ## @param metrics.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param metrics.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param metrics.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param metrics.podSecurityContext.fsGroup Set StatsD exporter pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## StatsD exporter containers' Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param metrics.containerSecurityContext.enabled Enable StatsD exporter containers' Security Context
  ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param metrics.containerSecurityContext.runAsUser Set StatsD exporter containers' Security Context runAsUser
  ## @param metrics.containerSecurityContext.runAsGroup Set StatsD exporter containers' Security Context runAsGroup
  ## @param metrics.containerSecurityContext.runAsNonRoot Set StatsD exporter containers' Security Context runAsNonRoot
  ## @param metrics.containerSecurityContext.privileged Set StatsD exporter containers' Security Context privileged
  ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set StatsD exporter containers' Security Context allowPrivilegeEscalation
  ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set StatsD exporter containers' Security Context readOnlyRootFilesystem
  ## @param metrics.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param metrics.containerSecurityContext.seccompProfile.type Set containers' Security Context seccomp profile
  ## e.g:
  ## containerSecurityContext:
  ##   enabled: true
  ##   capabilities:
  ##     drop: ["NET_RAW"]
  ##   readOnlyRootFilesystem: true
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
## Configure extra options for StatsD exporter containers' liveness, readiness and startup probes
3146
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
3147
## @param metrics.livenessProbe.enabled Enable livenessProbe on StatsD exporter containers
3148
## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
3149
## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
3150
## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
3151
## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
3152
## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
3153
##
3154
livenessProbe:
3155
enabled: true
3156
initialDelaySeconds: 180
3157
periodSeconds: 20
3158
timeoutSeconds: 5
3159
failureThreshold: 6
3160
successThreshold: 1
3161
## @param metrics.readinessProbe.enabled Enable readinessProbe on StatsD exporter containers
3162
## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
3163
## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
3164
## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
3165
## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
3166
## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
3167
##
3168
readinessProbe:
3169
enabled: true
3170
initialDelaySeconds: 30
3171
periodSeconds: 10
3172
timeoutSeconds: 5
3173
failureThreshold: 6
3174
successThreshold: 1
3175
## @param metrics.startupProbe.enabled Enable startupProbe on StatsD exporter containers
3176
## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
3177
## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
3178
## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
3179
## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
3180
## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
3181
##
3182
startupProbe:
3183
enabled: false
3184
initialDelaySeconds: 60
3185
periodSeconds: 10
3186
timeoutSeconds: 1
3187
failureThreshold: 15
3188
successThreshold: 1
3189
## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one
3190
##
3191
customLivenessProbe: {}
3192
## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one
3193
##
3194
customReadinessProbe: {}
3195
## @param metrics.customStartupProbe Custom startupProbe that overrides the default one
3196
##
3197
customStartupProbe: {}
3198
## @param metrics.lifecycleHooks for the StatsD exporter containers' to automate configuration before or after startup
3199
##
3200
lifecycleHooks: {}
3201
## @param metrics.automountServiceAccountToken Mount Service Account token in pod
3202
##
3203
automountServiceAccountToken: false
3204
## @param metrics.hostAliases StatsD exporter pods host aliases
3205
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
3206
##
3207
hostAliases: []
3208
## @param metrics.podLabels Extra labels for StatsD exporter pods
3209
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
3210
##
3211
podLabels: {}
3212
## @param metrics.podAnnotations Extra annotations for StatsD exporter pods
3213
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3214
##
3215
podAnnotations: {}
3216
## @param metrics.topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
3217
## i.e. topologyKey: topology.kubernetes.io/zone
3218
##
3219
topologyKey: ""
3220
## @param metrics.podAffinityPreset Pod affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard`
3221
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3222
##
3223
podAffinityPreset: ""
3224
## @param metrics.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard`
3225
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3226
##
3227
podAntiAffinityPreset: soft
3228
  ## Node metrics.affinity preset
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param metrics.nodeAffinityPreset.type Node affinity preset type. Ignored if `metrics.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param metrics.nodeAffinityPreset.key Node label key to match. Ignored if `metrics.affinity` is set.
    ## E.g.
    ## key: "kubernetes.io/e2e-az-name"
    ##
    key: ""
    ## @param metrics.nodeAffinityPreset.values Node label values to match. Ignored if `metrics.affinity` is set.
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param metrics.affinity Affinity for StatsD exporter pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## Note: metrics.podAffinityPreset, metrics.podAntiAffinityPreset, and metrics.nodeAffinityPreset will be ignored when it's set
  ##
  affinity: {}
  ## @param metrics.nodeSelector Node labels for StatsD exporter pods assignment
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param metrics.priorityClassName StatsD exporter pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param metrics.tolerations Tolerations for pod assignment
  ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param metrics.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param metrics.schedulerName Name of the k8s scheduler (other than default) for StatsD exporter
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param metrics.terminationGracePeriodSeconds Seconds StatsD exporter pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## Specify temporary volume parameters for the StatsD exporter pods
  ## ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
  ## ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/#generic-ephemeral-volumes
  ##
  emptyDir:
    ## @param metrics.emptyDir.medium Override emptyDir Volume type, defaults to emptyDir: {}
    ## Possible values: "Memory", ""
    ##
    medium: ""
  ephemeral:
    ## @param metrics.ephemeral.enabled Use a generic ephemeral volume instead of an emptyDir
    ##
    enabled: false
    ## @param metrics.ephemeral.storageClass Storage class of backing PVC
    ## If defined, storageClassName: <storageClass>
    ## If set to "-", storageClassName: "", which disables dynamic provisioning
    ## If undefined (the default) or set to null, no storageClassName spec is
    ##   set, choosing the default provisioner. (gp2 on AWS, standard on
    ##   GKE, AWS & OpenStack)
    ##
    storageClass: ""
    ## @param metrics.ephemeral.annotations Additional annotations for backing PVC
    ##
    annotations: {}
    ## @param metrics.ephemeral.accessModes Persistent Volume Access Modes
    ##
    accessModes:
      - ReadWriteOnce
    ## @param metrics.ephemeral.size Size of the generic ephemeral volume
    ##
    size: 8Gi
  ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the StatsD exporter pods
  ##
  extraVolumes: []
  ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the StatsD exporter containers
  ##
  extraVolumeMounts: []
  ## StatsD metrics service configuration
  ##
  service:
    ## @param metrics.service.ports.ingest StatsD exporter ingest service port (used for the metrics ingestion from Airflow components)
    ## @param metrics.service.ports.metrics StatsD exporter metrics service port (used to expose Prometheus metrics)
    ##
    ports:
      ingest: 9125
      metrics: 9102
    ## @param metrics.service.clusterIP Static clusterIP or None for headless services
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address
    ##
    clusterIP: ""
    ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin
    ## Values: ClientIP or None
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
    ##
    sessionAffinity: None
    ## @param metrics.service.annotations [object] Annotations for the StatsD metrics service
    ##
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
  ## Prometheus Operator ServiceMonitor configuration
  ##
  serviceMonitor:
    ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`)
    ##
    enabled: false
    ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
    ##
    namespace: ""
    ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    interval: ""
    ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
    ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
    ##
    scrapeTimeout: ""
    ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus
    ##
    labels: {}
    ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
    ##
    selector: {}
    ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
    ##
    relabelings: []
    ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
    ##
    metricRelabelings: []
    ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
    ##
    honorLabels: false
    ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus.
    ##
    jobLabel: ""
  ## Metrics Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param metrics.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param metrics.networkPolicy.allowExternal Don't require client label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## client label will have network access to the ports Metrics is listening
    ## on. When true, Metrics will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param metrics.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param metrics.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param metrics.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param metrics.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param metrics.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## @section Airflow database parameters

## PostgreSQL chart configuration
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
##
postgresql:
  enabled: true
  auth:
    enablePostgresUser: true
    username: ig_airflow
    password: ""
    database: iamguarded_airflow
    existingSecret: ""
  architecture: standalone
  primary:
    ## PostgreSQL Primary resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param postgresql.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param postgresql.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  image:
    registry: cgr.dev
    repository: chainguard-private/postgres-iamguarded
    tag: 18.3-r2
    digest: ""
  metrics:
    image:
      registry: cgr.dev
      repository: chainguard-private/prometheus-postgres-exporter-iamguarded
      tag: 0.19.1
      digest: ""
  volumePermissions:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
## External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host (ignored if externalDatabase.sqlConnection is set)
## @param externalDatabase.port Database port number (ignored if externalDatabase.sqlConnection is set)
## @param externalDatabase.user Non-root username for Airflow (ignored if externalDatabase.sqlConnection is set)
## @param externalDatabase.password Password for the non-root username for Airflow (ignored if externalDatabase.sqlConnection or externalDatabase.existingSecret are set)
## @param externalDatabase.database Airflow database name (ignored if externalDatabase.sqlConnection is set)
## @param externalDatabase.sqlConnection SQL connection string
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials (ignored if externalDatabase.existingSecretSqlConnectionKey is set)
## @param externalDatabase.existingSecretSqlConnectionKey Name of an existing secret key containing the SQL connection string
##
externalDatabase:
  host: localhost
  port: 5432
  user: ig_airflow
  database: iamguarded_airflow
  password: ""
  sqlConnection: ""
  existingSecret: ""
  existingSecretPasswordKey: ""
  existingSecretSqlConnectionKey: ""
## Redis® chart configuration
## @param redis.enabled Switch to enable or disable the Redis® helm chart
## @param redis.auth.enabled Enable password authentication
## @param redis.auth.password Redis® password
## @param redis.auth.existingSecret The name of an existing secret with Redis® credentials
## @param redis.architecture Redis® architecture. Allowed values: `standalone` or `replication`
##
redis:
  enabled: true
  auth:
    enabled: true
    ## Redis® password (both master and slave). Defaults to a random 10-character alphanumeric string if not set and auth.enabled is true.
    ## It should always be set using the password value or in the existingSecret to avoid issues
    ## with Airflow.
    ## The password value is ignored if existingSecret is set
    password: ""
    existingSecret: ""
  architecture: standalone
  master:
    ## @param redis.master.service.ports.redis Redis® port
    ##
    service:
      ports:
        redis: 6379
    ## Redis® master resource requests and limits
    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
    ## @param redis.master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
    ##
    resourcesPreset: "nano"
    ## @param redis.master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
    ## Example:
    ## resources:
    ##   requests:
    ##     cpu: 2
    ##     memory: 512Mi
    ##   limits:
    ##     cpu: 3
    ##     memory: 1024Mi
    ##
    resources: {}
  image:
    registry: cgr.dev
    repository: chainguard-private/redis-server-iamguarded
    tag: 8.6.0
    digest: ""
  sentinel:
    image:
      registry: cgr.dev
      repository: chainguard-private/redis-sentinel-iamguarded
      tag: 8.6.0
      digest: ""
  metrics:
    image:
      registry: cgr.dev
      repository: chainguard-private/prometheus-redis-exporter-iamguarded
      tag: 1.81.0
      digest: ""
  kubectl:
    image:
      registry: cgr.dev
      repository: chainguard-private/kubectl-iamguarded
      tag: 1.35.2
      digest: ""
  volumePermissions:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
  sysctl:
    image:
      registry: cgr.dev
      repository: chainguard-private/os-shell-iamguarded
      tag: 1.0.0
      digest: ""
## External Redis® configuration
## All of these values are only used when redis.enabled is set to false
## @param externalRedis.host Redis® host
## @param externalRedis.port Redis® port number
## @param externalRedis.username Redis® username
## @param externalRedis.password Redis® password
## @param externalRedis.existingSecret Name of an existing secret resource containing the Redis™ credentials
## @param externalRedis.existingSecretPasswordKey Name of an existing secret key containing the Redis™ credentials
##
externalRedis:
  host: localhost
  port: 6379
  ## Most Redis® implementations do not require a username
  ## to authenticate and it should be enough with the password
  username: ""
  password: ""
  existingSecret: ""
  existingSecretPasswordKey: ""
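
The defaults above accept connections to the StatsD exporter from any source (`metrics.networkPolicy.allowExternal: true`), take database and Redis® passwords from chart values unless `existingSecret` is set, and reference images by tag only (`digest: ""`). The override file below is an added example, not part of the chart: the Secret names, the `monitoring` namespace and the digest placeholders are assumptions to replace with your own values, and it assumes the common convention that a non-empty `digest` takes precedence over `tag`.

```yaml
# values-hardened.yaml (added example; names marked hypothetical are not from the chart)
metrics:
  networkPolicy:
    enabled: true
    # Weak default is `true`: any source may reach the exporter ports.
    # With `false`, only pods carrying the client label are admitted.
    allowExternal: false
    # Admit Prometheus from its own namespace (assumed to be "monitoring").
    # kubernetes.io/metadata.name is set automatically on every namespace.
    ingressNSMatchLabels:
      kubernetes.io/metadata.name: monitoring

postgresql:
  auth:
    # Read credentials from a pre-created Secret instead of chart values,
    # so no password ends up in values files or Helm release history.
    existingSecret: airflow-postgresql-credentials   # hypothetical name
  image:
    # Placeholder: fill in the digest of the tag you have verified.
    digest: "sha256:<digest-of-postgres-iamguarded-18.3-r2>"

redis:
  auth:
    enabled: true
    existingSecret: airflow-redis-credentials        # hypothetical name
  image:
    # Placeholder: fill in the digest of the tag you have verified.
    digest: "sha256:<digest-of-redis-server-iamguarded-8.6.0>"
```

After applying the override, confirm that Airflow components can still send to the ingest port (9125) and that Prometheus can still scrape the metrics port (9102).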